The present invention relates to the field of secure, real-time media communications and, more particularly, to binding keys to secure media streams.
There is an increasing need for providing secure multimedia services to user equipment (UE), such as two way radios and mobile phones. Secure media services can involve transmission of encrypted media streams, which are encrypted/decrypted using a transmission key. These transmission keys can be managed and distributed by group controller/key servers (GCKS) of a key-management system. Key-management systems can distribute the keys in accordance with any number of keying protocols, one of which is the Multimedia Internet KEYing (MIKEY) protocol.
Some solutions for media streams, such as Multimedia Broadcast and Multicast Services (MBMS) and Open Mobile Alliance Push to talk Over Cellular (OMA POC), exist that address issues of secure group communications. MBMS communications can require key to stream bindings. To elaborate, the MBMS approach handles key to stream binding using a three-pronged approach. First keys are delivered via MIKEY. Next, media stream information is conveyed via Session Description Protocol (SDP). Finally a binding between the MIKEY keys and the SDP streams takes place in an Extensible Markup Language (XML) document referred to as the security description. FIG. 1 (Prior Art) shows a sample security description 100 document, which includes key-management information 110, information to bind a Key ID to a media stream 120, and error-correction information 130. The binding information (120) can identity a media flow (e.g., a stream) by IP address 142 and port 144. A group of MBMS Service Keys (MSK) can be identified by KeyDomainID and KeyGroup 146. Individual keys within that group are further identified by KeyNumber. A specific KeyNumber is not particularly important for purposes of binding traffic keys sent via any of the group keys to a media flow.
The MBMS approach (and the OMA POC one) has non-desirable characteristics for Trunked and Conventional Public Safety services running over Long Term Evolution (LTE). Specifically, uses of the MBMS approach for public-safety applications have issues with reliability and delay. The delay is partially a result of a requirement of sending a separate document (e.g., the security description document) to bind keys and streams together. For example, as conventionally implemented, a talkgroup call can begin after the SDP is received and the floor grant is received. With the MBMS approach, the infrastructure needs to send the security description after or along with the SDP to the mobile device. Traditionally, the security description includes IP address 142 and port 144 information that may not be known a priori.
Additionally, coordinating the sending of the security description from a device management (DM) function and the SDP from a Session Initiation Protocol (SIP) typically occurs in a non-synchronized manner. Current delays inherent when sending the security document can be highly problematic, as boundaries for call setup time requirements are already being pushed to their limits.